Find the key ID and key ARN
To identify an AWS KMS key, you can use the key ID or the Amazon Resource Name (key ARN). In cryptographic operations, you can also use the alias name or alias ARN.
You can use the AWS KMS console
For detailed information about the KMS key identifiers supported by AWS KMS, see Key identifiers (KeyId). For help finding an alias name and alias ARN, see Find the alias name and alias ARN for a KMS key.
-
Open the AWS KMS console at https://console.aws.amazon.com/kms
. -
To change the AWS Region, use the Region selector in the upper-right corner of the page.
-
To view the keys in your account that you create and manage, in the navigation pane choose Customer managed keys. To view the keys in your account that AWS creates and manages for you, in the navigation pane, choose AWS managed keys.
-
To find the key ID for a KMS key, see the row that begins with the KMS key alias.
The Key ID column appears in the tables by default. If the Key ID column doesn't appear in your table, use the procedure described in Customize your console view to restore it. You can also view the key ID of a KMS key on its details page.
-
To find the Amazon Resource Name (ARN) of the KMS key, choose the key ID or alias. The key ARN appears in the General Configuration section.
To find the key ID and key ARN of an AWS KMS key, use the ListKeys operation.
The ListKeys operation returns the key ID and Amazon Resource Name
(ARN) of all KMS keys in the caller's account and Region.
For example, this call to the ListKeys operation returns the ID and
ARN of each KMS key in this fictitious account. For examples in multiple
programming languages, see Use ListKeys with an AWS SDK or CLI.
$aws kms list-keys{ "Keys": [ { "KeyId": "1234abcd-12ab-34cd-56ef-1234567890ab", "KeyArn": "arn:aws:kms:us-west-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab" }, { "KeyId": "0987dcba-09fe-87dc-65ba-ab0987654321", "KeyArn": "arn:aws:kms:us-west-2:111122223333:key/0987dcba-09fe-87dc-65ba-ab0987654321" } ] }
